Exim

Exim

57 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.8

CVE-2025-30232

  • EPSS 0.02%
  • Veröffentlicht 27.03.2025 00:00:00
  • Zuletzt bearbeitet 30.09.2025 21:52:55

A use-after-free in Exim 4.96 through 4.98.1 could allow users (with command-line access) to escalate privileges.

9.8

CVE-2025-26794

  • EPSS 67.74%
  • Veröffentlicht 21.02.2025 13:15:11
  • Zuletzt bearbeitet 25.09.2025 13:12:00

Exim 4.98 before 4.98.1, when SQLite hints and ETRN serialization are used, allows remote SQL injection.

5.4

CVE-2024-39929

Exploit
  • EPSS 54.1%
  • Veröffentlicht 04.07.2024 15:15:10
  • Zuletzt bearbeitet 10.07.2025 22:15:25

Exim through 4.97.1 misparses a multiline RFC 2231 header filename, and thus remote attackers can bypass a $mime_filename extension-blocking protection mechanism, and potentially deliver executable attachments to the mailboxes of end users.

3.1

CVE-2023-42119

  • EPSS 0.95%
  • Veröffentlicht 03.05.2024 03:15:50
  • Zuletzt bearbeitet 03.11.2025 22:16:26

Exim dnsdb Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Exim. Authentication is not required to exploit this vulnerability...

9.8

CVE-2023-42117

  • EPSS 10.9%
  • Veröffentlicht 03.05.2024 03:15:50
  • Zuletzt bearbeitet 03.11.2025 22:16:26

Exim Improper Neutralization of Special Elements Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Exim. Authentication is not required to exploit this vulnerability...

9.8

CVE-2023-42116

  • EPSS 6.73%
  • Veröffentlicht 03.05.2024 03:15:50
  • Zuletzt bearbeitet 04.11.2025 20:16:48

Exim SMTP Challenge Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Exim. Authentication is not required to exploit this vulnerability....

9.8

CVE-2023-42115

  • EPSS 72.9%
  • Veröffentlicht 03.05.2024 03:15:50
  • Zuletzt bearbeitet 07.08.2025 18:04:28

Exim AUTH Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Exim. Authentication is not required to exploit this vulnerability. The specific fl...

5.3

CVE-2023-42114

  • EPSS 13.9%
  • Veröffentlicht 03.05.2024 03:15:49
  • Zuletzt bearbeitet 04.11.2025 20:16:48

Exim NTLM Challenge Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Exim. Authentication is not required to exploit this vulnerability....

5.3

CVE-2023-51766

Exploit
  • EPSS 1.64%
  • Veröffentlicht 24.12.2023 06:15:07
  • Zuletzt bearbeitet 04.11.2025 19:16:21

Exim before 4.97.1 allows SMTP smuggling in certain PIPELINING/CHUNKING configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mecha...

9.8

CVE-2022-3620

  • EPSS 0.7%
  • Veröffentlicht 20.10.2022 20:15:09
  • Zuletzt bearbeitet 23.05.2025 18:29:51

A vulnerability was found in Exim and classified as problematic. This issue affects the function dmarc_dns_lookup of the file dmarc.c of the component DMARC Handler. The manipulation leads to use after free. The attack may be initiated remotely. The ...